Bug 49734 - conflicts between bind and ipchains
Summary: conflicts between bind and ipchains
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: bind
Version: 7.1
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Bernhard Rosenkraenzer
QA Contact: David Lawrence
Depends On:
TreeView+ depends on / blocked
Reported: 2001-07-23 16:28 UTC by Need Real Name
Modified: 2007-04-18 16:35 UTC (History)
1 user (show)

Clone Of:
Last Closed: 2001-09-18 17:29:12 UTC

Attachments (Terms of Use)

Description Need Real Name 2001-07-23 16:28:57 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.2.19-7.0.1 i586)

Description of problem:
I have a RH 7.1 box with a Bind DNS server and ipchains. After booting the
machine Bind don't serve any DNS query.
I tryed to run: "/etc/init.d/named restart" to see if named had died,
but this does not resolve the problem. But if I run:
/etc/init.d/ipchains stop
/etc/init.d/named restart
/etc/init.d/ipchains start

Then the server begins to resolve the DNS querys of the rest
of the network. I don't think it a error with my ipchain configuration,
because after those 3 command the ipchains are active and named
serves the names without problem.

How reproducible:

Steps to Reproduce:
1. Reboot the DNS server
2. Ask some PC in the network to do a query to the DNS server

Actual Results:  The client don't get any answer and try next DNS server in

Expected Results:  The client get the answer (quickly)

Additional info:

The ipchains -L command on the DNS server returns:
NOTE: the name of the DNS server is dac.escet.urjc.es

[root@dac /root]# ipchains -L
Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
ACCEPT     tcp  ------        any ->  
ACCEPT     udp  ------        any ->  
ACCEPT     udp  ------  dac.escet.urjc.es    anywhere              domain
->   any
ACCEPT     udp  ------  gsyc.escet.urjc.es   anywhere              domain
->   any
REJECT     tcp  -y----  anywhere             anywhere              any ->  
REJECT     udp  ------  anywhere             anywhere              any ->  
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):

Comment 1 Karsten Hopp 2002-07-16 12:58:05 UTC
DNS lookups can be tcp, too. Please add tcp rules for the 2. and 3. rule above.

Note You need to log in before you can comment on or make changes to this bug.